Displaying 20 results from an estimated 3000 matches similar to: "[Bug 2066] New: ssh tries the keys proposed by the agent before those passed with -i"
2012 Jul 06
9
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024
Priority: P5
Bug ID: 2024
Assignee: unassigned-bugs at mindrot.org
Summary: Allow to ssh client say to ssh-agent which key should
be used.
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: pub at mnu.pp.ru
Hardware:
2004 Nov 28
5
include directive doesn''t expand parameters?
Hello all,
I tried to include a file from within the accounting config-file.
The filename was specified using a parameter in params as:
ACCFILE=/var/lib/shorewall/accounting.generated
and then included in accounting as:
INCLUDE $ACCFILE
However when (re)starting shorewall, it gave some error about being
unable to find ''/etc/shorewall/$ACCFILE'' (with the $ACCFILE parameter
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Bug ID: 3153
Summary: Prefer user specified keys to avoid the agent
overloading MaxAuthTries before even trying the key
that was specified
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
2019 Oct 09
3
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Bug ID: 3080
Summary: Document IdentityFile=none and clarify interaction of
defaults with IdentitiesOnly
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
2017 Jul 05
9
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738
Bug ID: 2738
Summary: UpdateHostKeys does not check keys in secondary
known_hosts files
Product: Portable OpenSSH
Version: 7.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
2004 May 12
3
Oddness with agent forwarding and -i
Hey everyone,
I hope this isn't an old issue; I wasn't able to
locate it in the archives.
I have a number of scripts which make use of ssh -i
and scp -i, where the target host has the specified
key in its authorized_keys file with a command=
override to do immediate processing of the received
data. This works extremely well, as we are able to
establish single-function, triggered-action
2017 Jun 21
1
encoding/locale problem with ssh -X
Hi all,
I am struggling with remote R sessions and a (I suspect) locale related
encoding problem: Using the X11 device (X11forwarding enabled),
whenever I try to plot something containing umlauts using ggplot2, I am
seeing sth like
,----
| Error in grid.Call(L_stringMetric, as.graphicsAnnot(x$label)) :
| invalid use of -61 < 0 in 'X11_MetricInfo'
`----
Using base graphics is fine
2016 Jan 21
4
Selecting specific key from agent
There are cases when a user might have multiple keys in ssh-agent, but
wants to use a specific one. Unless I'm mistaken, this is currently
impossible. I've put together a proof of concept using the key's
"filename" (the third column in the output of 'ssh-add -l') and it
works.
Is this a new feature that would be accepted? If so, should the key be
identified with its
2005 Dec 05
3
Specification of identity for ssh client to use
Is there any way to tell the openssh client exactly which identity to
use for an outgoing commection? I know about "-i identityfile", but
it doesn't do what I want. I want to precisely specify the identity
to use, not just add an identity to a list of things to try. Whatever
mechanism is used should work both for local files and for identities
managed by ssh-agent.
My ssh client
2015 Oct 16
2
Is there any solution, or even work on, limiting which keys gets forwarded where?
On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote:
> On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski
> <depesz at depesz.com> wrote:
> > Hi,
> >
> > I'm in a situation where I'm using multiple SSH keys, each to connect to
> > different set of servers.
> >
> > I can't load/unload keys on demand, as I usually am
2020 Sep 30
4
How to use ssh -i with a key from ssh-agent rather than from a file?
On Wed, Sep 30, 2020 at 03:35:43PM +1000, Damien Miller <djm at mindrot.org> wrote:
> On Wed, 30 Sep 2020, raf wrote:
>
> > Hi,
> >
> > I have a VM with a git repository whose origin is on
> > github. I have several keys known to github, so I needed
> > to set git's core.sshcommand config parameter in the
> > repository to something like this:
2011 Dec 13
3
ssh-agent and IdentityFile
I've noticed that the ssh-agent applies any keys it already has
passwords for (via ssh-add) first, overriding the ssh config files for
preferred identity file from .ssh/config and -i. This seems a
documented behavior.
However, this causes problems with some tool chains that use the
authorized_keys command directive to change behavior based on which
key is used.
In my case, I use gitolite for
2011 Aug 25
1
Add missing -o options in ssh(1) manual
A few options appear to be missing from the list in ssh's manual.
The one I didn't add is EnableSSHKeysign, whose description implies
it is only effective when placed in the system-wide config file.
Index: ssh.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.319
diff -u -p -r1.319 ssh.1
--- ssh.1 7 May 2011
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I?m wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals=?batcha-fwd,batchb-fwd? ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
Hi Darren,
On 4/1/19 10:41 AM, Darren Tucker wrote:
> On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>> I've got a moderate number of keys in my ssh config file.
>> Problem: Very often I get an error message like
> [...]
>> The solution seems to be to set IdentitiesOnly, e.g.:
> [...]
>> Shouldn't an explicit
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
>
> I?m wondering if the following has any merit and can be done securely ...
>
> If you could
2011 May 02
12
[Bug 1898] New: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Summary: possible unreasonable behaviour when using
ProxyCommand with multiple IdentityFile(s)
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
2016 Sep 26
28
[Bug 2617] New: sign_and_send_pubkey: no separate private key for certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2617
Bug ID: 2617
Summary: sign_and_send_pubkey: no separate private key for
certificate
Product: Portable OpenSSH
Version: 7.3p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2015 Jan 06
10
[Bug 2331] New: ssh-copy-id -i id_new.pub fails to copy that id, also: wrong error msg
https://bugzilla.mindrot.org/show_bug.cgi?id=2331
Bug ID: 2331
Summary: ssh-copy-id -i id_new.pub fails to copy that id, also:
wrong error msg
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: